Presentation is loading. Please wait.

Presentation is loading. Please wait.

Biometric Information Management For Security Phillip H. Griffin Griffin Consulting 1625 Glenwood Avenue Hayes Barton at Five Points Raleigh, North Carolina.

Published byIan Daniel Modified over 10 years ago

Similar presentations

Presentation on theme: "Biometric Information Management For Security Phillip H. Griffin Griffin Consulting 1625 Glenwood Avenue Hayes Barton at Five Points Raleigh, North Carolina."— Presentation transcript:

1 Biometric Information Management For Security Phillip H. Griffin Griffin Consulting 1625 Glenwood Avenue Hayes Barton at Five Points Raleigh, North Carolina 27608-2319 USA +1 919 291 0019 phil.griffin@asn-1.com

2 May 2002 1 OASIS XCBF TC XCBF - XML Common Biometric Format – X9.84 Biometric Information Management and Security – BioAPI Specification Version 1.0 and 1.1 – CBEFF - Common Biometric Exchange File Format X.693 - ASN.1 XML Encoding Rules (XER) X9.96 XML Cryptographic Message Syntax - X9.73 Cryptographic Message Syntax - X.509 Certificates 1024 bytes - X9.68 Compact Domain Certificates 170 bytes

3 May 2002 2 XCBF/X9.84 BiometricObject 1 14000000F40100000100120003... 000000000EC010000BEF7F15DC593F44F

4 May 2002 3 X9.84 Revelation Biometric data cannot be kept confidential –faces can be photographed –voices can be recorded –fingerprints can be lifted –signatures can be copied Thus the security of an authentication system cannot rely on secrecy of biometric data Instead, must ensure the integrity and authenticity of the biometric data – privacy is optional

5 May 2002 4 X9.84 in a Nutshell Establishes a FRAMEWORK consisting of components –Data Capture, Signal Processing, Matching, Storage, etc. Defines REQUIREMENTS for operating a biometric authentication system in a financial services environment –Enrollment, Verification, Identification and Storage Provides TECHNIQUIES satisfying the privacy, integrity and authenticity requirements for biometric data (ASN.1) –Harmonized w/ NISTR 6529 CBEFF & BioAPI Specification 1.0 Offers comprehensive set of CONTROL OBJECTIVES –professional auditor can validate a biometric authentication system

6 May 2002 5 CBEFF XCBF Biometric Architecture Biometric Service Provider BioAPI Framework Application BIR Cryptographic Service Provider X9.84 Biometric Security XER/DER Biometric Object Biometric Validation Control Objectives

7 May 2002 6 XCBF Integrity BiometricSyntax and ASN.1 Encoding Rules (DER, XER) –Integrity and mutual authentication requirements [1] Biometric Header Biometric Data (BD) Integrity Block AID Security Info Integrity Value [0] Biometric Header Biometric Data (BD) UnprotectedIntegrity Algorithm Identifier RSA / SHA-1 DSA / SHA-1 ECDSA / SHA-1 MAC or HMAC Security Info algorithm parameters key management info Integrity Value digital signature MAC

8 May 2002 7 XCBF Integrity ASN.1 BiometricObject can be digitally signed, MACed (or HMAC), or used in CMS SignedData or CMS AuthenticatedData using DER or XER [1] Biometric Header Biometric Data (BD) Integrity Block AID Security Info Integrity Value [0] Biometric Header Biometric Data (BD) UnprotectedIntegrity IntegrityObject ::= SEQUENCE { biometricObject BiometricObject, integrityBlock IntegrityBlock } IntegrityBlock ::= CHOICE { signature Signature, mac Mac, signedData SignedData, authenticateData AuthenticatedData }

9 May 2002 8 XCBF Privacy Biometric Syntax and ASN.1 Encoding Rules (DER, XER) –Privacy Option [2] Biometric Header Privacy Block AID Security Info Biometric Data [0] Biometric Header Biometric Data (BD) UnprotectedPrivacy Algorithm Identifier DES Triple DES AES Security Info algorithm parameters key management info Biometric Data encrypted data encrypt Biometric Data (BD) Biometric Data (BD)

10 May 2002 9 XCBF Privacy ASN.1 BiometricObject can be used in CMS EncryptedData, CMS EnvelopedData or encrypted with a named key using DER or XER encoding rules [2] Biometric Header Privacy Block AID Security Info Biometric Data [0] Biometric Header Biometric Data (BD) UnprotectedPrivacy PrivacyObject ::= SEQUENCE { biometricHeader BiometricHeader, privacyBlock PrivacyBlock } PrivacyBlock ::= CHOICE { fixedKey EncryptedData, namedKey NamedKeyEncryptedData, establishedKey EnvelopedData } NamedKeyEncryptedData ::= SEQUENCE { keyName OCTET STRING, encryptedData EncryptedData } encrypt Biometric Data (BD) Biometric Data (BD)

11 May 2002 10 XCBF Integrity & Privacy Biometric Syntax and ASN.1 Encoding Rules (DER, XER) –Integrity and authentication with privacy [1] Biometric Header Integrity Block AID Security Info Integrity Value [0] Biometric Header Biometric Data (BD) [3] Biometric Header Privacy Block AID Security Info Biometric Data Integrity Block AID Security Info Integrity Value Biometric Data (BD) encrypt generate digital signature

12 May 2002 11 XCBF Integrity & Privacy ASN.1 Biometric Syntax and ASN.1 Encoding Rules (DER, XER) –Integrity and authentication with privacy [1] Biometric Header Integrity Block AID Security Info Integrity Value [3] Biometric Header Privacy Block AID Security Info Biometric Data Integrity Block AID Security Info Integrity Value Biometric Data (BD) encrypt PrivacyAndIntegrityObject ::= SEQUENCE { biometricHeader BiometricHeader, privacyBlock PrivacyBlock, integrityBlock IntegrityBlock } Represented in XML as......

13 May 2002 12 Useful Links XCBF and X9.84 rely heavily on ITU-T SG17 Technologies. ASN.1 X.680 and X.690 - Directory X.500 Standards Module Database http://www.itu.int/ITU-T/asn1/database/index.html Syntax Checker and Books http://www.ossnokalva.com/ Recommendations http://www.itu.int/ITUT/studygroups/com17/languages/index.html Host: ftp://ties.itu.int login: asn1 password: notation1ftp://ties.itu.int Griffin Consulting -Secure Messaging Design, Tools and Services http://ASN-1.com/

Download ppt "Biometric Information Management For Security Phillip H. Griffin Griffin Consulting 1625 Glenwood Avenue Hayes Barton at Five Points Raleigh, North Carolina."

Similar presentations

PKI Introduction Ravi Sandhu 2 © Ravi Sandhu 2002 CRYPTOGRAPHIC TECHNOLOGY PROS AND CONS SECRET KEY SYMMETRIC KEY Faster Not scalable No digital signatures.

PKI Introduction Ravi Sandhu 2 © Ravi Sandhu 2002 CRYPTOGRAPHIC TECHNOLOGY PROS AND CONS SECRET KEY SYMMETRIC KEY Faster Not scalable No digital signatures.
Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.
International Telecommunication Union ASN.1 Today and Tomorrow © 2002 OSS Nokalva.

International Telecommunication Union ASN.1 Today and Tomorrow © 2002 OSS Nokalva.
Summary Introduction The protocols developed by ITU-T E-Health protocol Architecture of e-Health X.th1 X.th2 to X.th6 Common Alerting Protocol Conclusion.

Summary Introduction The protocols developed by ITU-T E-Health protocol Architecture of e-Health X.th1 X.th2 to X.th6 Common Alerting Protocol Conclusion.
Technical Presentation AIAC 2010-2011 Group 11. System Rationale System Architecture Secure Channel Establishment Username/Password Cartão Cidadão Digital.

Technical Presentation AIAC Group 11. System Rationale System Architecture Secure Channel Establishment Username/Password Cartão Cidadão Digital.
FIPS 201 Framework: Special Pubs 800-73,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.

FIPS 201 Framework: Special Pubs ,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.
11-1 ©2007 Raj JainCSE571SWashington University in St. Louis Kerberos V5 Raj Jain Washington University in Saint Louis Saint Louis, MO 63130

11-1 ©2007 Raj JainCSE571SWashington University in St. Louis Kerberos V5 Raj Jain Washington University in Saint Louis Saint Louis, MO 63130
Authentication Applications

Authentication Applications
CSCE 815 Network Security Lecture 10 KerberosX.509 February 13, 2003.

CSCE 815 Network Security Lecture 10 KerberosX.509 February 13, 2003.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
PIV Data Model Testing Ketan Mehta March 3, 2006.

PIV Data Model Testing Ketan Mehta March 3, 2006.

Similar presentations

Ads by Google